File System Basics

Permissions

Displayed as a 10 character string by command "ls -l"

1st character: file type
- regular file
d directory
l link
p named pipe
b block special
c char special
n network special
s socket
H hidden

2nd-4th character: owner access
- none
r read access
w write access
x execute permission if file
  search permission if directory
s execute + setuid if file
  search + fstat permission if directory
S invalid

5th-7th character: group access
-,r,w,x as above
s execute + setgid if file
  search + fstat permission if directory
S invalid

8th-10th character: universe access
-,r,w,x as above
t execute + sticky if file
  1) search + fstat permission if directory
  2) search + stops users from deleting or renaming files owned by others
T invalid

ls man page contains the information above
stat(2), chown(1), chmod(1) man pages have info on set id bit effects
chown may not be available on your system except to root
chmod will accept both symbolic & octal representations of permissions
id will show effective and actual user & group ids

-rw-rw-rw-      usual file permissions if you are not paranoid
drwxrwxr-x      usual dir permissions if you are not paranoid
-rw-r--r--      reasonable file permissions
drwxr-xr-x      reasonable dir permissions
-rw-r-----      usual file permissions if you are paranoid
drwx--x---      usual dir permissions if you are paranoid


File Changes vs. Directory Information Changes

changing a file is the obvious - changing the contents in place (e.g. 'vi')

changing the directory information includes:
  removing the reference to the file from the directory (this may or may not delete the file contents)
  replacing the contents of the file with a different file
  changing the last access time of the file

Suppose we have the following files & directories
/u/smith        owned by smith with drwx------
/u/smith/file1  owned by jones with -rw-------
/u/smith/file2  owned by jones with -rw-rw-rw-

/u/jones        owned by jones with drwxrwxrwx
/u/jones/file6  owned by smith with -rw-------
/u/jones/file7  owned by smith with -rw-rw-rw-

/u/dean         owned by dean with  drwxr-xr-x
/u/dean/file11  owned by smith with -rw-r--r--
/u/dean/file12  owned by smith with -rw-rw-rw-

no one can access file1
smith can change the dir info about file1 but not the file contents
no one but smith can access file2
smith can change both the dir info & file contents of file2

no one but smith can access file6
everyone can access file7
jones can change the dir info but not the file contents of file6
smith can change the dir info & the file contents of file6
jones can change the dir info and the file contents of file7
smith can change the dir info & the file contents of file7
no one but smith can write file11
everyone can read file11
everyone can read & write file12

dean can change the dir info but not the file contents of file11
smith can change the file contents of file11 but not the dir info
jones can access file11 but cannot change dir info or the contents
dean can change the dir info & the file contents of file12
smith can change the file contents of file12 but not the dir info
jones can change the file contents of file12 but not the dir info
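
The rules worked through above can be checked mechanically. The following is an added example, not part of the original notes. It assumes that no two users share a group (so a non-owner is always judged by the universe bits), that /u is searchable by everyone, and that root is ignored. The names can(), report() and the "d" flag for "may change dir info" are made up for this sketch. It also goes one step beyond the listing by honouring the sticky bit on a directory.

```python
# Added example: the smith/jones/dean layout from the notes as a small model.
# Assumptions: no two users share a group, so a non-owner is always judged
# by the "universe" bits; /u itself is searchable by everyone; root is ignored.
DIRS = {   # directory -> (owner, ls -l mode string)
    "/u/smith": ("smith", "drwx------"),
    "/u/jones": ("jones", "drwxrwxrwx"),
    "/u/dean":  ("dean",  "drwxr-xr-x"),
}
FILES = {  # file -> (owner, ls -l mode string)
    "/u/smith/file1":  ("jones", "-rw-------"),
    "/u/smith/file2":  ("jones", "-rw-rw-rw-"),
    "/u/jones/file6":  ("smith", "-rw-------"),
    "/u/jones/file7":  ("smith", "-rw-rw-rw-"),
    "/u/dean/file11":  ("smith", "-rw-r--r--"),
    "/u/dean/file12":  ("smith", "-rw-rw-rw-"),
}

def triplet(user, owner, mode):
    """Pick the rwx triplet that applies: owner bits, else universe bits."""
    return mode[1:4] if user == owner else mode[7:10]

def can(user, path, want, dirs=DIRS):
    """want: 'r' or 'w' for file contents, 'dirinfo' to remove/rename the entry."""
    f_owner, f_mode = FILES[path]
    d_owner, d_mode = dirs[path.rsplit("/", 1)[0]]
    d = triplet(user, d_owner, d_mode)
    search = d[2] in "xst"            # lowercase s/t imply x is set
    if want == "dirinfo":
        sticky = d_mode[9] in "tT"    # sticky dir: only file or dir owner may unlink
        return d[1] == "w" and search and (not sticky or user in (f_owner, d_owner))
    return search and want in triplet(user, f_owner, f_mode)

def report(dirs=DIRS):
    """Return {(user, path): flags}; flags use r, w and d (dir info) or '-'."""
    out = {}
    for path in FILES:
        for user in ("smith", "jones", "dean"):
            out[user, path] = "".join(
                flag if can(user, path, want, dirs) else "-"
                for flag, want in (("r", "r"), ("w", "w"), ("d", "dirinfo")))
    return out

if __name__ == "__main__":
    for (user, path), flags in report().items():
        print(f"{user:6} {path:16} {flags}")
```

Passing a copy of DIRS in which /u/jones is drwxrwxrwt shows the sticky bit at work: dean can still write file7 but can no longer remove or rename it.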

Suppose you want to make a game program which keeps users' high scores, but you don't want the users to be able to mess with their scores.

     1  -rwxr-xr-x      game1
        drwx--x--x      game1_score
        -rw-rw-rw-      game1_score/scores

     2  -rw--w--w-      game1_score/scores

     3  -rw--w--w-      game1_score/._not?*easy?*name_

     4  -rwSr-xr-x      game2
        drwx------      game2_score
        -rw-------      game2_score/scores

  1. ok. Easiest to implement. Useless for a shell script game. If a user figures out the file name from the binary, they can change the data file.
  2. tricky - user cannot change their score. They can append garbage to the data file
  3. better than 1 - if you assemble the file name from string fragments in your program, it will be hard to guess the file name.
  4. best - gives game r/w access to scores but user can't get them.

Disk Partitions & File Layouts

PC-DOS disk data block allocation
one directory entry for each file
number of directory entries set at disk format

UNIX disk data block allocation
one i-node entry for each file
number of i-node entries set at disk format

UNIX disk directory setup
one or more directory entries for each file
number of directory entries limited by data space

UNIX large file inode layout